diff --git a/CHANGELOG.md b/CHANGELOG.md index ac02502..daa81b5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,27 @@ # Changelog for SAS Viya ARK - +## Viya35-ark-1.19 - March 25, 2024 +- **Summary** + * Changes related to Viya 3.5 support for a new range of Ansible versions. + * Changes related to jinja2 templating delimiter usage in conditionals. + * Removed Pre-Install Playbook ssl_check tasks. The check is no longer needed + in viya-ark as SAS Viya 3.5 deployment process will automatically install Apache httpd. +- Ansible Support: Ansible 2.14 - 2.16 + +## Viya35-ark-1.18 - November, 8 2023 +- **Summary** + Updates supporting SAS Viya 3.5 PostgreSQL 15 & pgpool-II 4.4 updates. Documentation updates related to contributing to the project. +- Ansible Support: Ansible 2.12 - Ansible 2.14 + +## Viya35-ark-1.17 - August 2, 2023 +- **Summary**: + Fix for sas-viya-launcher-default service not stopped by viya-services-stop.yml (#92 ) +- Ansible Support: Ansible 2.12 - Ansible 2.14 + ## Viya35-ark-1.16 - May 24, 2023 - **Sumary**: Changes related to Viya 3.5 support for new range of Ansible versions and new minimum Python version. - Ansible Support: Ansible 2.12 - Ansible 2.14 - ## Viya35-ark-1.15 - August 23, 2022 - **Sumary**: diff --git a/playbooks/ldap-validator/viyaldapvalidator.yml b/playbooks/ldap-validator/viyaldapvalidator.yml index bd23c42..8526e3c 100644 --- a/playbooks/ldap-validator/viyaldapvalidator.yml +++ b/playbooks/ldap-validator/viyaldapvalidator.yml @@ -43,8 +43,8 @@ - name: Assert that the most important variables are defined assert: that: - - "{{ item }} is defined" - - "{{ item }} | trim != '' " + - item is defined + - item | trim != '' msg: | This item is not defined or empty in your sitedefault file: {{item}} diff --git a/playbooks/pre-install-playbook/roles/viya-ark.preinstall/defaults/main.yml b/playbooks/pre-install-playbook/roles/viya-ark.preinstall/defaults/main.yml index 499cd51..7833dd3 100644 
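Review bot: The new conditions `item is defined` and `item | trim != ''` in viyaldapvalidator.yml test the loop variable itself, whereas the removed `"{{ item }} is defined"` first expanded `item` and then evaluated the result as an expression. If the loop for this task (outside the hunk) supplies variable names rather than values, both conditions are now always true and a missing or empty sitedefault entry is no longer reported. In that case the name has to be resolved explicitly, for example `- lookup('vars', item, default='') | trim != ''` for top-level names, or the loop should pass the values themselves. Running the validator against a sitedefault file with one required entry removed would show which case applies.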
--- a/playbooks/pre-install-playbook/roles/viya-ark.preinstall/defaults/main.yml +++ b/playbooks/pre-install-playbook/roles/viya-ark.preinstall/defaults/main.yml @@ -39,9 +39,6 @@ storage_list: - { path: /var/cache, min_storage_mb: 15000, min_io: 2} - { path: /opt, min_storage_mb: 40000, min_io: 2, permission: 755} -ssl_dir_path: - - { path: /etc/apache2} - - { path: /etc/httpd} # # this line can be added to check on another partition @@ -195,9 +192,9 @@ sas_yum_urls: ## third-party software requirements -required_ansible_min_version: "2.12" -required_ansible_max_version: "2.14" -ansible_version_compare_max_version: "2.15" # Must be set one minor version above required_ansible_max_version +required_ansible_min_version: "2.14" +required_ansible_max_version: "2.16" +ansible_version_compare_max_version: "2.17" # Must be set one minor version above required_ansible_max_version required_python_min_version: "3.10" diff --git a/playbooks/pre-install-playbook/roles/viya-ark.preinstall/tasks/main.yml b/playbooks/pre-install-playbook/roles/viya-ark.preinstall/tasks/main.yml index 0b18f22..45fd274 100644 --- a/playbooks/pre-install-playbook/roles/viya-ark.preinstall/tasks/main.yml +++ b/playbooks/pre-install-playbook/roles/viya-ark.preinstall/tasks/main.yml @@ -20,7 +20,6 @@ - import_tasks: pre.max_os_tasks_config.yml - import_tasks: pre.user_and_group_config.yml - import_tasks: pre.sudo_access_check.yml -- import_tasks: pre.ssl_check.yml - import_tasks: pre.proxy_check.yml - import_tasks: pre.selinux_config.yml - import_tasks: pre.ulimit_config.yml diff --git a/playbooks/pre-install-playbook/roles/viya-ark.preinstall/tasks/pre.proxy_check.yml b/playbooks/pre-install-playbook/roles/viya-ark.preinstall/tasks/pre.proxy_check.yml index 3ef525a..e79b6b9 100644 --- a/playbooks/pre-install-playbook/roles/viya-ark.preinstall/tasks/pre.proxy_check.yml +++ b/playbooks/pre-install-playbook/roles/viya-ark.preinstall/tasks/pre.proxy_check.yml 
@@ -1,5 +1,5 @@ # -# Copyright (c) 2019-2020, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright (c) 2019-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 # --- @@ -62,7 +62,7 @@ - name: "Assert that https_proxy is set as environment variable" assert: that: - - ("{{ https_proxy }}" != "") + - (https_proxy != "") msg: | The environment variable "https_proxy" is not set in environment variables If your organization uses a forward HTTP proxy server, It should be set as ex. @@ -94,7 +94,7 @@ - name: "Assert that http_proxy is set as environment variable" assert: that: - - ("{{ http_proxy }}" != "") + - (http_proxy != "") msg: | The environment variable "http_proxy" is not set in environment variables If your organization uses a forward HTTP proxy server, It should be set as ex. @@ -127,7 +127,7 @@ - name: "Assert that no_proxy is set as environment variable if https_proxy and http_proxy are set" assert: that: - - ((("{{ https_proxy }}" != "" ) and ("{{ http_proxy }}" != "" )) and ("{{ no_proxy }}" != "")) + - ((( https_proxy != "" ) and ( http_proxy != "" )) and ( no_proxy != "")) msg: | The environment variable "no_proxy" is not set in environment variables If your organization uses a forward HTTP proxy server, It should be set as ex. @@ -156,7 +156,7 @@ - name: "Assert that proxy is set in yum.conf if https_proxy and http_proxy are set" assert: that: - - ("{{ proxy_conf_exists.stdout }}" != "" ) + - ( proxy_conf_exists.stdout != "" ) msg: The variable "proxy" is not set in yum.conf file when: (https_proxy != "") and (http_proxy != "") and not ansible_check_mode 
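Review bot: In the `that:` entry `(https_proxy != "")` at -62, an undefined `https_proxy` raises an undefined-variable error instead of producing the explanatory `msg`, and a value consisting only of whitespace passes. If the variable is not guaranteed to be set earlier in the file (not visible in this hunk), `- https_proxy | default('') | trim != ''` keeps the check a bare expression and covers both cases. The same applies to `(http_proxy != "")` in the hunk at -94 and to the three terms in the hunk at -127.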
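Review bot: The condition `((( https_proxy != "" ) and ( http_proxy != "" )) and ( no_proxy != ""))` at -127 is a conjunction, while the task name describes an implication ("if https_proxy and http_proxy are set"). If the task carries a `when:` guard like the yum.conf asserts further down (the end of this task is outside the hunk), the first two terms are redundant and `- no_proxy != ""` says the same thing. If it has no such guard, the assert fails on hosts where no proxy is configured at all, which is worth confirming while this line is being touched.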
@@ -177,7 +177,7 @@ - name: "Assert that proxy_username is set in yum.conf if https_proxy and http_proxy are set" assert: that: - - ("{{ proxyuser_conf_exists.stdout }}" != "" ) + - ( proxyuser_conf_exists.stdout != "" ) msg: The variable "proxy_username" is not set in yum.conf file when: (https_proxy != "") and (http_proxy != "") and not ansible_check_mode @@ -198,7 +198,7 @@ - name: "Assert that proxy_password is set in yum.conf if https_proxy and http_proxy are set" assert: that: - - ("{{ proxypass_conf_exists.stdout }}" != "" ) + - ( proxypass_conf_exists.stdout != "" ) msg: The variable "proxy_password" is not set in yum.conf file. when: (https_proxy != "") and (http_proxy != "") and not ansible_check_mode diff --git a/playbooks/pre-install-playbook/roles/viya-ark.preinstall/tasks/pre.shell_check.yml b/playbooks/pre-install-playbook/roles/viya-ark.preinstall/tasks/pre.shell_check.yml index 63a35ea..fc9e4bc 100644 --- a/playbooks/pre-install-playbook/roles/viya-ark.preinstall/tasks/pre.shell_check.yml +++ b/playbooks/pre-install-playbook/roles/viya-ark.preinstall/tasks/pre.shell_check.yml @@ -1,5 +1,5 @@ # -# Copyright (c) 2019-2020, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright (c) 2019-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 # --- @@ -18,7 +18,7 @@ - name: Ensure that the Bash shell is installed assert: that: - - ({{ current_shell.rc }} == 0) + - current_shell.rc == 0 msg: | Bash does not appear to be installed on this system. Viya requires that the default system shell is bash. diff --git a/playbooks/pre-install-playbook/roles/viya-ark.preinstall/tasks/pre.ssl_check.yml b/playbooks/pre-install-playbook/roles/viya-ark.preinstall/tasks/pre.ssl_check.yml deleted file mode 100644 index 25e5935..0000000 --- a/playbooks/pre-install-playbook/roles/viya-ark.preinstall/tasks/pre.ssl_check.yml +++ /dev/null 
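Review bot: The values compared in `( proxyuser_conf_exists.stdout != "" )` at -177 and `( proxypass_conf_exists.stdout != "" )` at -198 are registered by tasks outside these hunks; judging by the messages, they hold the `proxy_username` and `proxy_password` entries read from yum.conf. If so, the registering tasks expose the credential in verbose output and callback logs unless they set `no_log: true`. The assert only needs to know whether a match exists, so comparing the command's return code or a match count instead of the matched text would avoid carrying the secret in a registered variable at all.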
@@ -1,155 +0,0 @@ -# -# Copyright (c) 2019-2020, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 -# ---- - -#################################################################### -## SSL Certificate Check -#################################################################### -# Test harness: -# make it pass -# ansible-playbook -i pre-install.inventory.ini viya_pre_install_playbook.yml --tags ssl_cert_check -e '{"ssl_dir_path": [ { "path": "/etc/httpd" }, {"path": "/etc/apache2"}] }' -# make it skip -# ansible-playbook -i pre-install.inventory.ini viya_pre_install_playbook.yml --tags ssl_cert_check -e '{"ssl_dir_path": [ { "path": "/etc/pki/tls/certs" }] }' -# make it skip -# ansible-playbook -i pre-install.inventory.ini viya_pre_install_playbook.yml --tags ssl_cert_check -e '{"ssl_dir_path": [ { "path": "/etc/pki/tls/certs" }] }' --check -# make it fail only if certificate exists and it is expire -# ansible-playbook -i pre-install.inventory.ini viya_pre_install_playbook.yml --tags ssl_cert_check - - -- block: - - name: "Get status of ssl configuration directories" - shell: grep -rvxE '[[:blank:]]*([#;].*)?' 
{{ item.path}}| grep -E "SSLCertificateFile"|sed 's/^[ \t]*//;s/[ \t]*$//'|cut -f2- -d' ' - become: yes - check_mode: no - changed_when: False - register: "ssl_exists" - with_items: - - "{{ssl_dir_path}}" - tags: - - ssl_cert_check - - - name: "Show the status of ssl configuration directories" - debug: var=ssl_exists - tags: - - ssl_cert_check - - - name: "Get stat of Certificate file" - stat: - path: "{{ item.stdout }}" - register: "certfile_exist" - with_items: - - "{{ssl_exists.results}}" - tags: - - ssl_cert_check - - - - - name: "Filter out the dir which has ssl certificate" - set_fact: - ssldir_list: - "{{item.stat.path}}" - with_items: - - "{{certfile_exist.results}}" - when: item.stat.exists - tags: - - ssl_cert_check - - - name: "Show the status of certificate file" - debug: var=ssldir_list - tags: - - ssl_cert_check - - - name: "Show the status of certificate file" - debug: msg="Certificate file exists" - when: ssldir_list is defined and (ssldir_list | trim != '') - tags: - - ssl_cert_check - - - name: "Show the status of file" - debug: msg="Certificate file does not exist, skipping ssl certificate check" - when: ssldir_list is undefined and (ssldir_list | trim != '') - tags: - - ssl_cert_check - - - name: Check the certificate basic constraint - shell: openssl x509 -noout -text -in {{ ssldir_list }}|grep -e "^\\s*CA:\(TRUE\|FALSE\)"|tr -d '[:space:]'|sed 's/CA:\(TRUE\|FALSE\)/\1/' - register: ca_status - check_mode: no - changed_when: False - when: ssldir_list is defined and (ssldir_list | trim != '') - tags: - - ssl_cert_check - - - name: Show the basic constraint of the certificate - debug: - msg: "basic constraint : {{ca_status.stdout}}" - when: ssldir_list is defined and (ssldir_list | trim != '') - tags: - - ssl_cert_check - - - name: Check the dates of the certificate - shell: openssl x509 -noout -dates -in {{ ssldir_list }} | cut -d= -f 2- - register: date_status - check_mode: no - changed_when: False - when: ssldir_list is defined and 
(ssldir_list | trim != '') - tags: - - ssl_cert_check - - - name: Show the dates of the certificate - debug: - msg: "Certificate Start Date and End Date : {{date_status.stdout_lines}}" - when: ssldir_list is defined and (ssldir_list | trim != '') - tags: - - ssl_cert_check - - - name: "filter out the start date of the certificate" - set_fact: - start_date: - "{{ date_status.stdout_lines[0]}}" - check_mode: no - when: not ansible_check_mode and ssldir_list is defined and (ssldir_list | trim != '') - tags: - - ssl_cert_check - - - name: "filter out the expiry date of the certificate" - set_fact: - end_date: - "{{ date_status.stdout_lines[1]}}" - check_mode: no - when: not ansible_check_mode and ssldir_list is defined and (ssldir_list | trim != '') - tags: - - ssl_cert_check - - - name: start date of the certificate in epoch mode - shell: date +%s --date "{{start_date}}" - register: date_start - check_mode: no - changed_when: False - when: not ansible_check_mode and ssldir_list is defined and (ssldir_list | trim != '') - tags: - - ssl_cert_check - - - name: expiry date of the certificate in epoch mode - shell: date +%s --date "{{end_date}}" - register: date_end - check_mode: no - changed_when: False - when: not ansible_check_mode and ssldir_list is defined and (ssldir_list | trim != '') - tags: - - ssl_cert_check - - - name: Check if the certificate is Valid - assert: - that: - - "{{ansible_date_time.epoch}} > {{date_start.stdout}} and {{ansible_date_time.epoch}} < {{date_end.stdout}}" - msg: | - If this machine currently includes the HTTP proxy installation, please check the validity of the certificate. The certificate was expired on : {{end_date}}. If you prefer to bypass this HTTP proxy check for now, add --skip-tags ssl_check. - when: not ansible_check_mode and ssldir_list is defined and (ssldir_list | trim != '') - tags: - - ssl_cert_check - - tags: - - ssl_check